Flaw in AirWatch by VMware Leaks Info in Multi-Tenant Environments

VMware said on Wednesday that it has released an update to its AirWatch enterprise mobile management and security platform to address information disclosure vulnerabilities that could leak sensitive IT-related organizational information.

According to VMware, the vulnerability (CVE-2014-8372) affects AirWatch by VMware On-Premise 7.3.x.x prior to 7.3.3.0 (FP3) and could enable a user who manages an AirWatch deployment in a multi-tenant environment to view the organizational information and statistics of another tenant.

VMware has fixed the issue in its cloud-based solution, but customers using on-premise deployments must apply the software update.

To perform a self-upgrade, AirWatch Administrators have been instructed to email support@air-watch.com to request the install files. Alternatively, customers may engage an AirWatch Engineer to perform the upgrade on their behalf.

Denis Andzakovic of security-assessment.com was credited for reporting the vulnerability to VMware.

VMware acquired AirWatch in a $1.54 billion deal announced in Jan. 2014.

For more than 10 years, Mike Lennon has been closely monitoring and analyzing trends in the enterprise IT security space and the threat landscape. In his role at SecurityWeek he oversees the editorial direction of the publication and manages several leading security conferences.